We explore the inference of expressive human-readable
declassification policies as a step towards providing practical
tools and techniques for strong language-based information security.

Security-type systems can enforce expressive information-security
policies, but can require
enormous programmer effort before any security benefit is realized.
To reduce the burden on the programmer, we focus on inference
of expressive yet intuitive information-security policies from
programs with few programmer annotations.

We define a novel security policy language that can express
what information a program may release, under what conditions
(or, when) such release may occur, and which procedures are
involved with the release (or, where in the code the
release occur). We describe a dataflow analysis for precisely
inferring these policies, and build a tool that instantiates this
analysis for the Java programming language. We validate the policies,
analysis, and our implementation by applying the tool to a
collection of simple Java programs.